Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* request_key.c: request a key from userspace |
2 | * | |
3e30148c | 3 | * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved. |
1da177e4 LT |
4 | * Written by David Howells (dhowells@redhat.com) |
5 | * | |
6 | * This program is free software; you can redistribute it and/or | |
7 | * modify it under the terms of the GNU General Public License | |
8 | * as published by the Free Software Foundation; either version | |
9 | * 2 of the License, or (at your option) any later version. | |
f1a9badc DH |
10 | * |
11 | * See Documentation/keys-request-key.txt | |
1da177e4 LT |
12 | */ |
13 | ||
14 | #include <linux/module.h> | |
15 | #include <linux/sched.h> | |
16 | #include <linux/kmod.h> | |
17 | #include <linux/err.h> | |
3e30148c | 18 | #include <linux/keyctl.h> |
1da177e4 LT |
19 | #include "internal.h" |
20 | ||
21 | struct key_construction { | |
22 | struct list_head link; /* link in construction queue */ | |
23 | struct key *key; /* key being constructed */ | |
24 | }; | |
25 | ||
26 | /* when waiting for someone else's keys, you get added to this */ | |
27 | DECLARE_WAIT_QUEUE_HEAD(request_key_conswq); | |
28 | ||
29 | /*****************************************************************************/ | |
30 | /* | |
31 | * request userspace finish the construction of a key | |
b5f545c8 | 32 | * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>" |
1da177e4 | 33 | */ |
b5f545c8 DH |
34 | static int call_sbin_request_key(struct key *key, |
35 | struct key *authkey, | |
36 | const char *op) | |
1da177e4 LT |
37 | { |
38 | struct task_struct *tsk = current; | |
1da177e4 | 39 | key_serial_t prkey, sskey; |
b5f545c8 DH |
40 | struct key *keyring; |
41 | char *argv[9], *envp[3], uid_str[12], gid_str[12]; | |
1da177e4 | 42 | char key_str[12], keyring_str[3][12]; |
b5f545c8 | 43 | char desc[20]; |
3e30148c DH |
44 | int ret, i; |
45 | ||
b5f545c8 | 46 | kenter("{%d},{%d},%s", key->serial, authkey->serial, op); |
3e30148c | 47 | |
b5f545c8 DH |
48 | /* allocate a new session keyring */ |
49 | sprintf(desc, "_req.%u", key->serial); | |
50 | ||
51 | keyring = keyring_alloc(desc, current->fsuid, current->fsgid, 1, NULL); | |
52 | if (IS_ERR(keyring)) { | |
53 | ret = PTR_ERR(keyring); | |
54 | goto error_alloc; | |
3e30148c | 55 | } |
1da177e4 | 56 | |
b5f545c8 DH |
57 | /* attach the auth key to the session keyring */ |
58 | ret = __key_link(keyring, authkey); | |
59 | if (ret < 0) | |
60 | goto error_link; | |
61 | ||
1da177e4 LT |
62 | /* record the UID and GID */ |
63 | sprintf(uid_str, "%d", current->fsuid); | |
64 | sprintf(gid_str, "%d", current->fsgid); | |
65 | ||
66 | /* we say which key is under construction */ | |
67 | sprintf(key_str, "%d", key->serial); | |
68 | ||
69 | /* we specify the process's default keyrings */ | |
70 | sprintf(keyring_str[0], "%d", | |
71 | tsk->thread_keyring ? tsk->thread_keyring->serial : 0); | |
72 | ||
73 | prkey = 0; | |
74 | if (tsk->signal->process_keyring) | |
75 | prkey = tsk->signal->process_keyring->serial; | |
76 | ||
3e30148c | 77 | sprintf(keyring_str[1], "%d", prkey); |
1da177e4 | 78 | |
3e30148c DH |
79 | if (tsk->signal->session_keyring) { |
80 | rcu_read_lock(); | |
81 | sskey = rcu_dereference(tsk->signal->session_keyring)->serial; | |
82 | rcu_read_unlock(); | |
83 | } | |
84 | else { | |
1da177e4 | 85 | sskey = tsk->user->session_keyring->serial; |
3e30148c | 86 | } |
1da177e4 | 87 | |
1da177e4 LT |
88 | sprintf(keyring_str[2], "%d", sskey); |
89 | ||
90 | /* set up a minimal environment */ | |
91 | i = 0; | |
92 | envp[i++] = "HOME=/"; | |
93 | envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin"; | |
94 | envp[i] = NULL; | |
95 | ||
96 | /* set up the argument list */ | |
97 | i = 0; | |
98 | argv[i++] = "/sbin/request-key"; | |
99 | argv[i++] = (char *) op; | |
100 | argv[i++] = key_str; | |
101 | argv[i++] = uid_str; | |
102 | argv[i++] = gid_str; | |
103 | argv[i++] = keyring_str[0]; | |
104 | argv[i++] = keyring_str[1]; | |
105 | argv[i++] = keyring_str[2]; | |
1da177e4 LT |
106 | argv[i] = NULL; |
107 | ||
108 | /* do it */ | |
b5f545c8 | 109 | ret = call_usermodehelper_keys(argv[0], argv, envp, keyring, 1); |
3e30148c | 110 | |
b5f545c8 DH |
111 | error_link: |
112 | key_put(keyring); | |
3e30148c | 113 | |
b5f545c8 | 114 | error_alloc: |
3e30148c DH |
115 | kleave(" = %d", ret); |
116 | return ret; | |
1da177e4 | 117 | |
b5f545c8 | 118 | } /* end call_sbin_request_key() */ |
1da177e4 LT |
119 | |
120 | /*****************************************************************************/ | |
121 | /* | |
122 | * call out to userspace for the key | |
123 | * - called with the construction sem held, but the sem is dropped here | |
124 | * - we ignore program failure and go on key status instead | |
125 | */ | |
126 | static struct key *__request_key_construction(struct key_type *type, | |
127 | const char *description, | |
128 | const char *callout_info) | |
129 | { | |
b5f545c8 | 130 | request_key_actor_t actor; |
1da177e4 LT |
131 | struct key_construction cons; |
132 | struct timespec now; | |
b5f545c8 | 133 | struct key *key, *authkey; |
76d8aeab | 134 | int ret, negated; |
1da177e4 | 135 | |
3e30148c DH |
136 | kenter("%s,%s,%s", type->name, description, callout_info); |
137 | ||
1da177e4 LT |
138 | /* create a key and add it to the queue */ |
139 | key = key_alloc(type, description, | |
664cceb0 | 140 | current->fsuid, current->fsgid, KEY_POS_ALL, 0); |
1da177e4 LT |
141 | if (IS_ERR(key)) |
142 | goto alloc_failed; | |
143 | ||
76d8aeab | 144 | set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); |
1da177e4 LT |
145 | |
146 | cons.key = key; | |
147 | list_add_tail(&cons.link, &key->user->consq); | |
148 | ||
149 | /* we drop the construction sem here on behalf of the caller */ | |
150 | up_write(&key_construction_sem); | |
151 | ||
b5f545c8 DH |
152 | /* allocate an authorisation key */ |
153 | authkey = request_key_auth_new(key, callout_info); | |
154 | if (IS_ERR(authkey)) { | |
155 | ret = PTR_ERR(authkey); | |
156 | authkey = NULL; | |
157 | goto alloc_authkey_failed; | |
158 | } | |
159 | ||
1da177e4 | 160 | /* make the call */ |
b5f545c8 DH |
161 | actor = call_sbin_request_key; |
162 | if (type->request_key) | |
163 | actor = type->request_key; | |
164 | ret = actor(key, authkey, "create"); | |
1da177e4 LT |
165 | if (ret < 0) |
166 | goto request_failed; | |
167 | ||
168 | /* if the key wasn't instantiated, then we want to give an error */ | |
169 | ret = -ENOKEY; | |
76d8aeab | 170 | if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) |
1da177e4 LT |
171 | goto request_failed; |
172 | ||
b5f545c8 DH |
173 | key_revoke(authkey); |
174 | key_put(authkey); | |
175 | ||
1da177e4 LT |
176 | down_write(&key_construction_sem); |
177 | list_del(&cons.link); | |
178 | up_write(&key_construction_sem); | |
179 | ||
180 | /* also give an error if the key was negatively instantiated */ | |
b5f545c8 | 181 | check_not_negative: |
76d8aeab | 182 | if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) { |
1da177e4 LT |
183 | key_put(key); |
184 | key = ERR_PTR(-ENOKEY); | |
185 | } | |
186 | ||
b5f545c8 | 187 | out: |
3e30148c | 188 | kleave(" = %p", key); |
1da177e4 LT |
189 | return key; |
190 | ||
b5f545c8 DH |
191 | request_failed: |
192 | key_revoke(authkey); | |
193 | key_put(authkey); | |
194 | ||
195 | alloc_authkey_failed: | |
1da177e4 LT |
196 | /* it wasn't instantiated |
197 | * - remove from construction queue | |
198 | * - mark the key as dead | |
199 | */ | |
76d8aeab | 200 | negated = 0; |
1da177e4 LT |
201 | down_write(&key_construction_sem); |
202 | ||
203 | list_del(&cons.link); | |
204 | ||
1da177e4 | 205 | /* check it didn't get instantiated between the check and the down */ |
76d8aeab DH |
206 | if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { |
207 | set_bit(KEY_FLAG_NEGATIVE, &key->flags); | |
208 | set_bit(KEY_FLAG_INSTANTIATED, &key->flags); | |
209 | negated = 1; | |
1da177e4 LT |
210 | } |
211 | ||
76d8aeab DH |
212 | clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); |
213 | ||
1da177e4 LT |
214 | up_write(&key_construction_sem); |
215 | ||
76d8aeab | 216 | if (!negated) |
1da177e4 LT |
217 | goto check_not_negative; /* surprisingly, the key got |
218 | * instantiated */ | |
219 | ||
220 | /* set the timeout and store in the session keyring if we can */ | |
221 | now = current_kernel_time(); | |
222 | key->expiry = now.tv_sec + key_negative_timeout; | |
223 | ||
224 | if (current->signal->session_keyring) { | |
1da177e4 LT |
225 | struct key *keyring; |
226 | ||
8589b4e0 DH |
227 | rcu_read_lock(); |
228 | keyring = rcu_dereference(current->signal->session_keyring); | |
1da177e4 | 229 | atomic_inc(&keyring->usage); |
8589b4e0 | 230 | rcu_read_unlock(); |
1da177e4 LT |
231 | |
232 | key_link(keyring, key); | |
233 | key_put(keyring); | |
234 | } | |
235 | ||
236 | key_put(key); | |
237 | ||
238 | /* notify anyone who was waiting */ | |
239 | wake_up_all(&request_key_conswq); | |
240 | ||
241 | key = ERR_PTR(ret); | |
242 | goto out; | |
243 | ||
b5f545c8 | 244 | alloc_failed: |
1da177e4 LT |
245 | up_write(&key_construction_sem); |
246 | goto out; | |
247 | ||
248 | } /* end __request_key_construction() */ | |
249 | ||
250 | /*****************************************************************************/ | |
251 | /* | |
252 | * call out to userspace to request the key | |
253 | * - we check the construction queue first to see if an appropriate key is | |
254 | * already being constructed by userspace | |
255 | */ | |
256 | static struct key *request_key_construction(struct key_type *type, | |
257 | const char *description, | |
258 | struct key_user *user, | |
259 | const char *callout_info) | |
260 | { | |
261 | struct key_construction *pcons; | |
262 | struct key *key, *ckey; | |
263 | ||
264 | DECLARE_WAITQUEUE(myself, current); | |
265 | ||
3e30148c DH |
266 | kenter("%s,%s,{%d},%s", |
267 | type->name, description, user->uid, callout_info); | |
268 | ||
1da177e4 LT |
269 | /* see if there's such a key under construction already */ |
270 | down_write(&key_construction_sem); | |
271 | ||
272 | list_for_each_entry(pcons, &user->consq, link) { | |
273 | ckey = pcons->key; | |
274 | ||
275 | if (ckey->type != type) | |
276 | continue; | |
277 | ||
278 | if (type->match(ckey, description)) | |
279 | goto found_key_under_construction; | |
280 | } | |
281 | ||
282 | /* see about getting userspace to construct the key */ | |
283 | key = __request_key_construction(type, description, callout_info); | |
284 | error: | |
3e30148c | 285 | kleave(" = %p", key); |
1da177e4 LT |
286 | return key; |
287 | ||
288 | /* someone else has the same key under construction | |
289 | * - we want to keep an eye on their key | |
290 | */ | |
291 | found_key_under_construction: | |
292 | atomic_inc(&ckey->usage); | |
293 | up_write(&key_construction_sem); | |
294 | ||
295 | /* wait for the key to be completed one way or another */ | |
296 | add_wait_queue(&request_key_conswq, &myself); | |
297 | ||
298 | for (;;) { | |
3e30148c | 299 | set_current_state(TASK_INTERRUPTIBLE); |
76d8aeab | 300 | if (!test_bit(KEY_FLAG_USER_CONSTRUCT, &ckey->flags)) |
1da177e4 | 301 | break; |
3e30148c DH |
302 | if (signal_pending(current)) |
303 | break; | |
1da177e4 LT |
304 | schedule(); |
305 | } | |
306 | ||
307 | set_current_state(TASK_RUNNING); | |
308 | remove_wait_queue(&request_key_conswq, &myself); | |
309 | ||
310 | /* we'll need to search this process's keyrings to see if the key is | |
311 | * now there since we can't automatically assume it's also available | |
312 | * there */ | |
313 | key_put(ckey); | |
314 | ckey = NULL; | |
315 | ||
316 | key = NULL; /* request a retry */ | |
317 | goto error; | |
318 | ||
319 | } /* end request_key_construction() */ | |
320 | ||
3e30148c DH |
321 | /*****************************************************************************/ |
322 | /* | |
323 | * link a freshly minted key to an appropriate destination keyring | |
324 | */ | |
325 | static void request_key_link(struct key *key, struct key *dest_keyring) | |
326 | { | |
327 | struct task_struct *tsk = current; | |
328 | struct key *drop = NULL; | |
329 | ||
330 | kenter("{%d},%p", key->serial, dest_keyring); | |
331 | ||
332 | /* find the appropriate keyring */ | |
333 | if (!dest_keyring) { | |
334 | switch (tsk->jit_keyring) { | |
335 | case KEY_REQKEY_DEFL_DEFAULT: | |
336 | case KEY_REQKEY_DEFL_THREAD_KEYRING: | |
337 | dest_keyring = tsk->thread_keyring; | |
338 | if (dest_keyring) | |
339 | break; | |
340 | ||
341 | case KEY_REQKEY_DEFL_PROCESS_KEYRING: | |
342 | dest_keyring = tsk->signal->process_keyring; | |
343 | if (dest_keyring) | |
344 | break; | |
345 | ||
346 | case KEY_REQKEY_DEFL_SESSION_KEYRING: | |
347 | rcu_read_lock(); | |
348 | dest_keyring = key_get( | |
349 | rcu_dereference(tsk->signal->session_keyring)); | |
350 | rcu_read_unlock(); | |
351 | drop = dest_keyring; | |
352 | ||
353 | if (dest_keyring) | |
354 | break; | |
355 | ||
356 | case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: | |
357 | dest_keyring = current->user->session_keyring; | |
358 | break; | |
359 | ||
360 | case KEY_REQKEY_DEFL_USER_KEYRING: | |
361 | dest_keyring = current->user->uid_keyring; | |
362 | break; | |
363 | ||
364 | case KEY_REQKEY_DEFL_GROUP_KEYRING: | |
365 | default: | |
366 | BUG(); | |
367 | } | |
368 | } | |
369 | ||
370 | /* and attach the key to it */ | |
371 | key_link(dest_keyring, key); | |
372 | ||
373 | key_put(drop); | |
374 | ||
375 | kleave(""); | |
376 | ||
377 | } /* end request_key_link() */ | |
378 | ||
1da177e4 LT |
379 | /*****************************************************************************/ |
380 | /* | |
381 | * request a key | |
382 | * - search the process's keyrings | |
383 | * - check the list of keys being created or updated | |
3e30148c DH |
384 | * - call out to userspace for a key if supplementary info was provided |
385 | * - cache the key in an appropriate keyring | |
1da177e4 | 386 | */ |
3e30148c DH |
387 | struct key *request_key_and_link(struct key_type *type, |
388 | const char *description, | |
389 | const char *callout_info, | |
390 | struct key *dest_keyring) | |
1da177e4 LT |
391 | { |
392 | struct key_user *user; | |
393 | struct key *key; | |
664cceb0 | 394 | key_ref_t key_ref; |
1da177e4 | 395 | |
3e30148c DH |
396 | kenter("%s,%s,%s,%p", |
397 | type->name, description, callout_info, dest_keyring); | |
398 | ||
1da177e4 | 399 | /* search all the process keyrings for a key */ |
664cceb0 DH |
400 | key_ref = search_process_keyrings(type, description, type->match, |
401 | current); | |
1da177e4 | 402 | |
664cceb0 DH |
403 | kdebug("search 1: %p", key_ref); |
404 | ||
405 | if (!IS_ERR(key_ref)) { | |
406 | key = key_ref_to_ptr(key_ref); | |
407 | } | |
408 | else if (PTR_ERR(key_ref) != -EAGAIN) { | |
409 | key = ERR_PTR(PTR_ERR(key_ref)); | |
410 | } | |
411 | else { | |
1da177e4 LT |
412 | /* the search failed, but the keyrings were searchable, so we |
413 | * should consult userspace if we can */ | |
414 | key = ERR_PTR(-ENOKEY); | |
415 | if (!callout_info) | |
416 | goto error; | |
417 | ||
418 | /* - get hold of the user's construction queue */ | |
419 | user = key_user_lookup(current->fsuid); | |
3e30148c DH |
420 | if (!user) |
421 | goto nomem; | |
422 | ||
664cceb0 | 423 | for (;;) { |
3e30148c DH |
424 | if (signal_pending(current)) |
425 | goto interrupted; | |
1da177e4 | 426 | |
1da177e4 LT |
427 | /* ask userspace (returns NULL if it waited on a key |
428 | * being constructed) */ | |
429 | key = request_key_construction(type, description, | |
430 | user, callout_info); | |
431 | if (key) | |
432 | break; | |
433 | ||
434 | /* someone else made the key we want, so we need to | |
435 | * search again as it might now be available to us */ | |
664cceb0 DH |
436 | key_ref = search_process_keyrings(type, description, |
437 | type->match, | |
438 | current); | |
439 | ||
440 | kdebug("search 2: %p", key_ref); | |
3e30148c | 441 | |
664cceb0 DH |
442 | if (!IS_ERR(key_ref)) { |
443 | key = key_ref_to_ptr(key_ref); | |
444 | break; | |
445 | } | |
446 | ||
447 | if (PTR_ERR(key_ref) != -EAGAIN) { | |
448 | key = ERR_PTR(PTR_ERR(key_ref)); | |
449 | break; | |
450 | } | |
451 | } | |
1da177e4 LT |
452 | |
453 | key_user_put(user); | |
3e30148c DH |
454 | |
455 | /* link the new key into the appropriate keyring */ | |
1260f801 | 456 | if (!IS_ERR(key)) |
3e30148c | 457 | request_key_link(key, dest_keyring); |
1da177e4 LT |
458 | } |
459 | ||
3e30148c DH |
460 | error: |
461 | kleave(" = %p", key); | |
1da177e4 LT |
462 | return key; |
463 | ||
3e30148c DH |
464 | nomem: |
465 | key = ERR_PTR(-ENOMEM); | |
466 | goto error; | |
467 | ||
468 | interrupted: | |
469 | key_user_put(user); | |
470 | key = ERR_PTR(-EINTR); | |
471 | goto error; | |
472 | ||
473 | } /* end request_key_and_link() */ | |
474 | ||
475 | /*****************************************************************************/ | |
476 | /* | |
477 | * request a key | |
478 | * - search the process's keyrings | |
479 | * - check the list of keys being created or updated | |
480 | * - call out to userspace for a key if supplementary info was provided | |
481 | */ | |
482 | struct key *request_key(struct key_type *type, | |
483 | const char *description, | |
484 | const char *callout_info) | |
485 | { | |
486 | return request_key_and_link(type, description, callout_info, NULL); | |
487 | ||
1da177e4 LT |
488 | } /* end request_key() */ |
489 | ||
490 | EXPORT_SYMBOL(request_key); |